i call a RemObjectsSDK HTTPApi Server from a TMS WebCore Webapplication
the problem:
i can’t read out the ‘Access-Token’ from login response
if i call getResponseHeader(‘Access-Token’) on the returned JS-response-object in Chrome,
i will get a “Refused to get unsafe header “Access-Token””
Means this, i need to add ‘Access-Token’ to the Access-Control-Expose-Headers on server side?
if yes, how can i do that?
you can try to add Access-Control-Expose-Headers header into TROHttpApiSimpleAuthenticationManager.WriteAuthenticationInfo method in uROHttpApiSimpleAuthenticationManager unit:
procedure TROHttpApiSimpleAuthenticationManager.WriteAuthenticationInfo(
aResponse: IROHTTPResponse; aSessionInfo: TROHttpApiSession);
begin
if Assigned(SessionManager) then begin
if SessionManager.IsSessionPresent(aSessionInfo.SessionID) then begin
aResponse.Headers[tag_Access_Token] := GUIDToString(aSessionInfo.SessionID);
/// add header here
end;
end;
end;
If this solves this issue, pls inform and we’ll modify RO sources.
You must return the Access-Control-Expose-Headers = Authorization so one must add: aResponse.Headers['Access-Control-Expose-Headers'] := tag_Access_Token;